Just nu i M3-nätverket
Jump to content

Hög CPU och seg dator


Joborn

Recommended Posts

Skulle behöva lite hjälp. Den senaste tiden har dator börjat bli riktigt seg och CPU är nästan alltid uppe i 100 %. Känns som om hela datorn håller på och skär ihop. Bifogar en Hijack-log. Vore kanon om någon hade lust att titta igenom.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:20:37, on 2010-03-17

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18882)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\WTablet\Wacom_TabletUser.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Trend Micro\HijackThis\joborn.exe.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.svid.se/F...kning/Manniska/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Inloggningshjälp för Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [Active Web Reader] C:\Program Files\Deskshare\Active Web Reader\Active Web Reader.exe -background

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - HKUS\S-1-5-21-1992230366-3263500106-3080809339-1003\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Besökare')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O15 - Trusted Zone: *.handelsbanken.se

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BredbandscenterDownloader - Glocalnet AB - C:\Program Files\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Gizmo Central - Arainia Solutions - C:\Program Files\Gizmo\gservice.exe

O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\Telenor Mobilt Bredband\GtDetectSc.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe

 

--

End of file - 10231 bytes

Link to comment
Share on other sites

Jag ser inget särskilt i loggen, men det finns mycket skadligt som inte syns i en HijackThis-logg.

 

Vilka processer är det som använder CPUn mest enligt Aktivitetshanteraren - Processer (kom ihåg att välja att visa för alla användare)?

Link to comment
Share on other sites

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Jonas at 14:09:24,57 on 2010-03-17

Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_05

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2038.989 [GMT 1:00]

 

SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Gizmo\gservice.exe

C:\Program Files\Option\Telenor Mobilt Bredband\GtDetectSc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Wacom_Tablet.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\WTablet\Wacom_TabletUser.exe

C:\Windows\system32\Wacom_Tablet.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\WTablet\Wacom_TabletUser.exe

C:\Windows\system32\Wacom_Tablet.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\taskeng.exe

c:\program files\real\realplayer\RealPlay.exe

C:\Users\Jonas\Desktop\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.svid.se/For-forskare/Publikationer/Ur-Under-ytan-En-antologi-om-designforskning/Manniska/

BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\google\google_bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [<NO NAME>]

mRun: [MSPService] c:\program files\cyberlink\magicsports\kernel\magicsports\MSPMirage.exe

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [Active Web Reader] c:\program files\deskshare\active web reader\Active Web Reader.exe -background

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

dRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 6\PcSync2.exe" /NoDialog

dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: handelsbanken.se

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

 

============= SERVICES / DRIVERS ===============

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-2-22 114984]

R1 GizmoDrv;Gizmo Device Driver;c:\windows\system32\drivers\gizmodrv.sys [2008-10-27 23624]

R2 BredbandscenterDownloader;BredbandscenterDownloader;c:\program files\glocalnet\bredbandscenter\BredbandscenterUpdater.exe [2008-10-9 1055912]

R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-2-22 133512]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-2-22 810120]

R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-2-22 41312]

R2 Gizmo Central;Gizmo Central;c:\program files\gizmo\gservice.exe [2008-10-27 28272]

R2 GtDetectSc;GtDetectSc;c:\program files\option\telenor mobilt bredband\GtDetectSc.exe [2007-12-18 196704]

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-1-10 1373480]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-18 21504]

S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-2-18 106624]

S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-2-8 59648]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-2-1 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-2-1 8320]

S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2008-9-22 42368]

 

=============== Created Last 30 ================

 

2010-03-13 13:12:27 0 d-----w- c:\program files\common files\xing shared

2010-03-11 17:00:02 0 d-----w- c:\users\jonas\appdata\roaming\ESET

2010-03-11 16:58:47 0 d-----w- c:\programdata\ESET

2010-03-11 16:58:47 0 d-----w- c:\program files\ESET

2010-03-11 15:26:23 293376 ----a-w- c:\windows\system32\browserchoice.exe

2010-03-10 22:00:30 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-03-10 22:00:25 411648 ----a-w- c:\windows\system32\drivers\http.sys

2010-03-10 22:00:24 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-02-24 08:14:06 2048 ----a-w- c:\windows\system32\tzres.dll

2010-02-24 08:13:41 471552 ----a-w- c:\windows\system32\secproc_isv.dll

2010-02-24 08:13:40 471552 ----a-w- c:\windows\system32\secproc.dll

2010-02-24 08:13:39 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-02-24 08:13:39 518144 ----a-w- c:\windows\system32\RMActivate.exe

2010-02-24 08:13:39 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-02-24 08:13:39 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-02-24 08:13:39 332288 ----a-w- c:\windows\system32\msdrm.dll

2010-02-24 08:13:39 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-02-24 08:13:39 152064 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-02-24 08:13:36 1696256 ----a-w- c:\windows\system32\gameux.dll

2010-02-24 08:13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-02-24 08:13:35 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-02-23 09:38:04 0 d-----w- c:\programdata\Real

2010-02-22 15:51:14 41312 ----a-w- c:\windows\system32\drivers\epfwwfp.sys

2010-02-22 15:51:04 32584 ----a-w- c:\windows\system32\drivers\epfwndis.sys

2010-02-22 15:50:56 134488 ----a-w- c:\windows\system32\drivers\epfw.sys

2010-02-22 15:50:06 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys

2010-02-22 15:47:22 133512 ----a-w- c:\windows\system32\drivers\eamonm.sys

2010-02-22 09:34:13 0 d-----w- c:\program files\Microsoft Office Outlook Connector

 

==================== Find3M ====================

 

2010-03-11 16:59:21 51200 ----a-w- c:\windows\inf\infpub.dat

2010-03-11 16:59:21 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-03-11 16:59:20 143360 ----a-w- c:\windows\inf\infstor.dat

2010-03-06 08:46:12 610424 ----a-w- c:\windows\system32\perfh01D.dat

2010-03-06 08:46:12 123466 ----a-w- c:\windows\system32\perfc01D.dat

2010-02-24 08:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-22 19:59:17 109443 ----a-w- c:\users\jonas\appdata\roaming\nvModes.dat

2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll

2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-11-18 05:54:20 665600 ----a-w- c:\windows\inf\drvindex.dat

2008-06-18 19:13:02 174 --sha-w- c:\program files\desktop.ini

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2006-03-11 18:23:19 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2006-03-11 18:23:19 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2006-03-11 18:23:19 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2006-03-11 18:23:19 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2009-10-15 14:01:40 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2008-02-11 00:00:02 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008020420080211\index.dat

2008-02-18 02:30:02 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008021120080218\index.dat

2008-02-18 02:30:02 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008021820080219\index.dat

2008-02-19 07:30:05 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008021920080220\index.dat

2008-02-20 11:00:01 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008022020080221\index.dat

2008-02-21 23:30:02 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008022220080223\index.dat

2008-02-24 15:00:01 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008022420080225\index.dat

2009-12-01 16:22:31 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2006-03-11 18:32:36 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

 

============= FINISH: 14:13:10,01 ===============

 

 

Attach.txt

Link to comment
Share on other sites

Hur länge har det varit så här?

Explorer.exe är programmet som visar Skrivbordet, hanterar Datorn och Utforskaren. Märker du något samband med vad du gör i datorn och hög CPU-aktivitet?

Har du mycket liggande på Skrivbordet?

 

Det är gamla Java-versioner med säkerhetshål i datorn. Avinstallera:

Java™ 6 Update 3

Java™ 6 Update 5

Java™ SE Runtime Environment 6 Update 1

 

Spara Security Check by screen317 på Skrivbordet.

http://screen317.spywareinfoforum.org/SecurityCheck.exe

Kör Security Check (i Vista högerklicka och Kör som administratör).

När det är klart så kommer en loggfil upp i Anteckningar, checkup.txt, klistra in den i ditt svar.

Link to comment
Share on other sites

Förklaringen kan vara att du har 2 st antivirusprogram installerade,detta leder oftast till konflikter och sämre säkerhet,avinstallera antingen Norton eller Nod32 är mitt förslag!

 

Mvh Laston

Link to comment
Share on other sites

I kanske ca två månader.

Det enda jag har reagerat på är att CPU:n är hög när jag har explorer öppet.

Och ja, jag har en hel del på skrivbordet. Hade en mapp med ca 17 gb på skrivbordet. Har flyttat den till dokument nu. Eller föreslår du nå annat?

 

 

 

 

Results of screen317's Security Check version 0.99.1

Windows Vista Service Pack 2 (UAC is enabled)

``````````````````````````````

Antivirus/Firewall Check:

ESET Smart Security

Norton 360

WMIC entry does not exist for antivirus; attempting automatic update.

``````````````````````````````

Anti-malware/Other Utilities Check:

HijackThis 2.0.2

Java 6 Update 17

Adobe Flash Player 10

Adobe Reader 8

Adobe Reader 8.1.2 - Svenska

Adobe Reader 8.1.2 Security Update 1 (KB403742)

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSASCui.exe

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

 

`````````End of Log```````````

 

 

 

Link to comment
Share on other sites

Adobe Reader 8

Adobe Reader 8.1.2 - Svenska

Adobe Reader 8.1.2 Security Update 1 (KB403742)

Out of date Adobe Reader installed!

Se till att installera en nyare version av Adobe Reader utan säkerhetsproblem.

 

Naturligtvis så är det som Laston skrev inte lämpligt att ha Norton installerad när du använder Nod32.

 

Mappar på skrivbordet brukar gå bra, liksom genvägar, men att ha t ex stora filmfiler eller många filer direkt på Skrivbordet kan vara påfrestande för explorer.

 

För att se vad som hände för så länge sedan som två månader fungerar inte DDS så bra. Spara OTL på Skrivbordet. http://oldtimer.geekstogo.com/OTL.exe

Stäng alla program.

Kör OTL (i Vista och Windows 7 högerklicka och Kör som administratör).

Under Output högt upp så välj Minimal Output.

Under Standard Registry välj All.

Ändra 30 dagar till 90.

 

I rutan Custom scan's and fixes klistra in följande rader (kolla att du verkligen får med alla raderna):

%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

 

Bocka för LOP Check och Purity Check.

Tryck på Run Scan och låt programmet köra ostört.

 

När det är klart så skapas två loggfiler på Skrivbordet, OTL.txt och Extras.txt. I ditt svar klistrar du in loggen OTL.txt.

Link to comment
Share on other sites

Nu är en nyare version av Adobe installerad.

 

Missade helt Lastons inlägg. Jag har försökt att ta bort Norton men har inte lyckats. Har bland annant försökt att installera det på nytt för att sedan avinstallera, testat norton removal tool och försökt i felsäkert läge, men inget har fungerat.

 

Här kommer loggfilen från OTL:

 

OTL logfile created on: 2010-03-18 11:06:31 - Run 1

OTL by OldTimer - Version 3.1.37.2 Folder = C:\Users\Jonas\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 141,04 Gb Total Space | 9,18 Gb Free Space | 6,51% Space Free | Partition Type: NTFS

Drive D: | 149,05 Gb Total Space | 84,96 Gb Free Space | 57,00% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: JONAS-DATOR

Current User Name: Jonas

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 90 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Jonas\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

PRC - C:\Program\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

PRC - C:\Program\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)

PRC - C:\Program\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Program\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)

PRC - C:\Program\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)

PRC - C:\Program\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Program\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)

PRC - C:\Program\Gizmo\gservice.exe (Arainia Solutions)

PRC - C:\Program\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

PRC - C:\Program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe (Glocalnet AB)

PRC - C:\Program\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Program\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Program\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Program\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)

PRC - C:\Program\Option\Telenor Mobilt Bredband\GtDetectSc.exe (OptionNV)

PRC - C:\Windows\System32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)

PRC - C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)

PRC - C:\Program\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe ()

PRC - C:\Program\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Jonas\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)

SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

SRV - (Gizmo Central) -- C:\Program\Gizmo\gservice.exe (Arainia Solutions)

SRV - (BredbandscenterDownloader) -- C:\Program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe (Glocalnet AB)

SRV - (WinDefend) -- C:\Program\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (GtDetectSc) -- C:\Program Files\Option\Telenor Mobilt Bredband\GtDetectSc.exe (OptionNV)

SRV - (TabletServiceWacom) -- C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)

SRV - (IAANTMON) Intel® -- C:\Program\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (epfwwfp) -- C:\Windows\System32\drivers\epfwwfp.sys (ESET)

DRV - (Epfwndis) -- C:\Windows\System32\drivers\epfwndis.sys (ESET)

DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET)

DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)

DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)

DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)

DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (GizmoDrv) -- C:\Windows\System32\drivers\gizmodrv.sys (Arainia Solutions LLC)

DRV - (Tdsshbecr) -- C:\Windows\System32\drivers\shbecr.sys (Todos Data System AB)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)

DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)

DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option N.V.)

DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)

DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)

DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)

DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)

DRV - (NETw4v32) Kortdrivrutin för Windows Vista 32-bitars för Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)

DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)

DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)

DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.svid.se/F...kning/Manniska/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.co...TF-8&oe=UTF-8&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-02 08:03:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-04-01 15:59:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-03-11 17:58:53 | 000,000,000 | ---D | M]

 

[2010-03-11 17:37:28 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\jl050z2b.default\extensions

[2008-01-24 13:27:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\jl050z2b.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2008-02-08 20:45:56 | 000,002,386 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\Mozilla\FireFox\Profiles\jl050z2b.default\searchplugins\siteadvisor.xml

[2008-06-06 14:30:03 | 000,000,000 | ---D | M] -- C:\Program\Mozilla Firefox\extensions

[2006-03-11 11:29:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2008-01-27 18:07:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

[2008-01-30 16:29:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

[2008-04-20 15:41:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

[2007-04-10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program\Mozilla Firefox\plugins\np-mswmp.dll

[2007-03-22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program\Mozilla Firefox\plugins\NPOFFICE.DLL

[2007-05-10 22:52:34 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program\Mozilla Firefox\plugins\nppdf32.dll

[2008-06-01 19:43:03 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program\Mozilla Firefox\plugins\npqtplugin.dll

[2008-06-01 19:43:03 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program\Mozilla Firefox\plugins\npqtplugin2.dll

[2008-06-01 19:43:03 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program\Mozilla Firefox\plugins\npqtplugin3.dll

[2008-06-01 19:43:03 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program\Mozilla Firefox\plugins\npqtplugin4.dll

[2008-06-01 19:43:03 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program\Mozilla Firefox\plugins\npqtplugin5.dll

[2008-06-01 19:43:03 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program\Mozilla Firefox\plugins\npqtplugin6.dll

[2008-06-01 19:43:03 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program\Mozilla Firefox\plugins\npqtplugin7.dll

 

O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Inloggningshjälp för Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program\Google\Google_BAE\BAE.dll (Packard Bell)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Active Web Reader] C:\Program Files\Deskshare\Active Web Reader\Active Web Reader.exe File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4 - HKLM..\Run: [MSPService] C:\Program\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptbehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptbehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xportera till Microsoft Excel - C:\Program\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

O9 - Extra Button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: handelsbanken.se ([]* in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.80.98.2 213.80.101.3

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Jonas\Pictures\Design enligt von Stamm.jpg

O24 - Desktop BackupWallPaper: C:\Users\Jonas\Pictures\Design enligt von Stamm.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-03-31 20:19:14 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{342a4347-7219-11dd-93dd-001b24a35b3f}\Shell - "" = AutoRun

O33 - MountPoints2\{342a4347-7219-11dd-93dd-001b24a35b3f}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found

O33 - MountPoints2\{475da870-c2a9-11dc-8220-001b24a35b3f}\Shell - "" = AutoRun

O33 - MountPoints2\{475da870-c2a9-11dc-8220-001b24a35b3f}\Shell\AutoRun\command - "" = F:\start.exe -- File not found

O33 - MountPoints2\{49f54e62-00d5-11de-bd3a-001b24a35b3f}\Shell - "" = AutoRun

O33 - MountPoints2\{49f54e62-00d5-11de-bd3a-001b24a35b3f}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found

O33 - MountPoints2\{56c13a81-024a-11dd-b661-001b24a35b3f}\Shell - "" = AutoRun

O33 - MountPoints2\{56c13a81-024a-11dd-b661-001b24a35b3f}\Shell\AutoRun\command - "" = H:\start.exe -- File not found

O33 - MountPoints2\{59c97a9e-b9cc-11de-82dc-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{59c97a9e-b9cc-11de-82dc-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{69cb63c5-a4d0-11dd-8d11-001b24a35b3f}\Shell - "" = AutoRun

O33 - MountPoints2\{69cb63c5-a4d0-11dd-8d11-001b24a35b3f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found

O33 - MountPoints2\{88424693-7ce0-11de-8f57-001b24a35b3f}\Shell - "" = AutoRun

O33 - MountPoints2\{88424693-7ce0-11de-8f57-001b24a35b3f}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{884246c2-7ce0-11de-8f57-001b24a35b3f}\Shell - "" = AutoRun

O33 - MountPoints2\{884246c2-7ce0-11de-8f57-001b24a35b3f}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\{884246d2-7ce0-11de-8f57-001b24a35b3f}\Shell - "" = AutoRun

O33 - MountPoints2\{884246d2-7ce0-11de-8f57-001b24a35b3f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\start.exe -- File not found

O33 - MountPoints2\I\Shell - "" = AutoRun

O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

OTL cannot create restorepoints on Vista OSs!

 

========== Files/Folders - Created Within 90 Days ==========

 

[2010-03-18 11:02:48 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe

[2010-03-17 18:38:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010-03-17 16:27:06 | 000,854,064 | ---- | C] (Symantec Corporation) -- C:\Users\Jonas\Desktop\Norton_Removal_Tool.exe

[2010-03-17 16:02:10 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll

[2010-03-17 15:00:32 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Documents\e4w68hzh

[2010-03-13 14:12:27 | 000,000,000 | ---D | C] -- C:\Program\Common Files\xing shared

[2010-03-11 18:00:02 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\ESET

[2010-03-11 18:00:02 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\ESET

[2010-03-11 17:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET

[2010-03-11 17:58:47 | 000,000,000 | ---D | C] -- C:\Program\ESET

[2010-03-11 16:26:23 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe

[2010-03-10 23:00:30 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll

[2010-03-10 23:00:24 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

[2010-03-09 19:33:04 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Hur man arbetar som design researcher

[2010-03-04 11:55:35 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Marknadsanalys

[2010-02-27 17:34:43 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Real

[2010-02-27 17:33:54 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll

[2010-02-27 17:33:54 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll

[2010-02-27 17:33:20 | 000,000,000 | ---D | C] -- C:\Program\real

[2010-02-24 09:14:20 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2010-02-24 09:14:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010-02-24 09:13:41 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2010-02-24 09:13:40 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2010-02-24 09:13:39 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2010-02-24 09:13:39 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2010-02-24 09:13:39 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2010-02-24 09:13:39 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2010-02-24 09:13:39 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2010-02-24 09:13:39 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2010-02-24 09:13:39 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[2010-02-24 09:13:36 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2010-02-24 09:13:35 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010-02-24 09:13:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010-02-23 10:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Real

[2010-02-22 16:51:14 | 000,041,312 | ---- | C] (ESET) -- C:\Windows\System32\drivers\epfwwfp.sys

[2010-02-22 16:51:04 | 000,032,584 | ---- | C] (ESET) -- C:\Windows\System32\drivers\epfwndis.sys

[2010-02-22 16:50:56 | 000,134,488 | ---- | C] (ESET) -- C:\Windows\System32\drivers\epfw.sys

[2010-02-22 16:50:06 | 000,114,984 | ---- | C] (ESET) -- C:\Windows\System32\drivers\ehdrv.sys

[2010-02-22 16:47:22 | 000,133,512 | ---- | C] (ESET) -- C:\Windows\System32\drivers\eamonm.sys

[2010-02-22 10:34:13 | 000,000,000 | ---D | C] -- C:\Program\Microsoft Office Outlook Connector

[2010-02-21 11:24:19 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Marknadsföringsteori

[2010-02-15 11:19:23 | 000,000,000 | ---D | C] -- C:\Program\HD Tune

[2010-02-10 12:16:56 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2010-02-10 12:16:56 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2010-02-10 12:09:14 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll

[2010-02-10 12:09:13 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll

[2010-02-10 12:09:12 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll

[2010-02-10 12:09:12 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll

[2010-02-05 17:37:45 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\C-uppsats

[2010-01-29 10:20:11 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2010-01-29 10:03:55 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Städa

[2010-01-22 08:12:53 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2010-01-22 08:12:53 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010-01-22 08:12:52 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2010-01-22 08:12:52 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2010-01-22 08:12:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010-01-22 08:12:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2010-01-22 08:12:52 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010-01-22 08:12:52 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2010-01-22 08:12:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2010-01-22 08:12:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2010-01-22 08:12:52 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2010-01-22 08:12:52 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010-01-22 08:12:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010-01-22 08:12:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2010-01-21 19:40:46 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\Malwarebytes

[2010-01-21 19:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010-01-21 19:40:36 | 000,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware

[2010-01-21 19:32:32 | 000,000,000 | ---D | C] -- C:\Program\Trend Micro

[2010-01-16 11:22:50 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\KTH Tenta

[2010-01-13 19:53:43 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\CrashDumps

[2010-01-13 09:50:07 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll

[2010-01-13 09:50:07 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll

[2010-01-07 17:54:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010-01-07 17:54:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010-01-07 17:54:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010-01-07 15:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

[2010-01-07 15:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller

[2010-01-02 19:30:52 | 000,000,000 | ---D | C] -- C:\Program\Common Files\DESIGNER

[2010-01-02 19:15:06 | 000,032,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll

[2010-01-02 19:10:37 | 000,000,000 | ---D | C] -- C:\Program\Microsoft Works

[2010-01-02 19:09:33 | 000,000,000 | ---D | C] -- C:\Program\Microsoft Visual Studio

[2010-01-02 19:08:25 | 000,000,000 | ---D | C] -- C:\Program\Microsoft.NET

[2010-01-02 18:42:10 | 000,000,000 | ---D | C] -- C:\Program\Microsoft Visual Studio 8

[2010-01-02 18:39:36 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Microsoft Help

[2010-01-02 18:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2010-01-02 18:38:00 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2008-03-31 20:09:34 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\Implode.dll

[30 C:\Users\Jonas\Desktop\*.tmp files -> C:\Users\Jonas\Desktop\*.tmp -> ]

 

========== Files - Modified Within 90 Days ==========

 

[2010-03-18 11:20:28 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DDF32D9C-B5D1-4B1B-A079-9136B65F6C8B}.job

[2010-03-18 11:17:32 | 007,077,888 | -HS- | M] () -- C:\Users\Jonas\NTUSER.DAT

[2010-03-18 11:03:06 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe

[2010-03-18 11:00:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\Utökad garanti.job

[2010-03-18 11:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator.job

[2010-03-18 09:57:31 | 000,109,443 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\nvModes.001

[2010-03-18 09:56:07 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2010-03-18 09:55:58 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010-03-18 09:55:57 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010-03-18 09:55:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010-03-18 09:55:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010-03-18 09:55:02 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys

[2010-03-18 00:13:37 | 000,524,288 | -HS- | M] () -- C:\Users\Jonas\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms

[2010-03-18 00:13:37 | 000,065,536 | -HS- | M] () -- C:\Users\Jonas\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[2010-03-18 00:13:25 | 003,288,863 | -H-- | M] () -- C:\Users\Jonas\AppData\Local\IconCache.db

[2010-03-17 23:49:00 | 000,022,789 | ---- | M] () -- C:\Users\Jonas\Desktop\text - norrgavel&GAD[1] med kommentarer.docx

[2010-03-17 18:49:36 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010-03-17 16:27:09 | 000,854,064 | ---- | M] (Symantec Corporation) -- C:\Users\Jonas\Desktop\Norton_Removal_Tool.exe

[2010-03-17 16:00:49 | 000,107,368 | R--- | M] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll

[2010-03-17 14:59:41 | 000,843,187 | ---- | M] () -- C:\Users\Jonas\Desktop\SecurityCheck.exe

[2010-03-17 14:08:23 | 000,525,824 | ---- | M] () -- C:\Users\Jonas\Desktop\dds.scr

[2010-03-15 00:12:07 | 000,014,580 | ---- | M] () -- C:\Users\Jonas\Desktop\Fem frågor till mig.docx

[2010-03-14 17:25:40 | 000,024,064 | ---- | M] () -- C:\Users\Jonas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-03-14 15:54:49 | 000,000,162 | -H-- | M] () -- C:\Users\Jonas\Desktop\~$psats_bild_farg_.dot

[2010-03-14 01:55:42 | 000,119,136 | ---- | M] () -- C:\Users\Jonas\Desktop\bild-3_78402736.png

[2010-03-13 19:39:04 | 000,000,162 | -H-- | M] () -- C:\Users\Jonas\Desktop\~$m frågor till mig.docx

[2010-03-13 14:13:05 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll

[2010-03-13 14:12:42 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll

[2010-03-13 14:12:42 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll

[2010-03-13 14:11:49 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

[2010-03-11 22:54:06 | 000,010,275 | ---- | M] () -- C:\Users\Jonas\Desktop\Potentiella praktikplatser.docx

[2010-03-11 10:46:01 | 000,713,147 | ---- | M] () -- C:\Users\Jonas\Desktop\Träningstabletter beställda kvitto.docx

[2010-03-09 18:24:54 | 000,022,317 | ---- | M] () -- C:\Users\Jonas\Desktop\V%C3%A4gledd%20yrkespraktik-Intyg%20om%20praktikterminen%20f%C3%B6r%20ev%20praktikplatser.pdf

[2010-03-08 19:29:00 | 000,000,162 | -H-- | M] () -- C:\Users\Jonas\Desktop\~$m 2 Metod.docx

[2010-03-08 06:28:15 | 000,000,165 | -H-- | M] () -- C:\Users\Jonas\Desktop\~$Power Point Möbelbranschen.pptx

[2010-03-06 09:46:12 | 001,428,332 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010-03-06 09:46:12 | 000,610,424 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2010-03-06 09:46:12 | 000,599,084 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010-03-06 09:46:12 | 000,123,466 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2010-03-06 09:46:12 | 000,106,458 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010-03-01 11:15:28 | 000,019,764 | ---- | M] () -- C:\Users\Jonas\Desktop\Personligt brev till vägledd yrkespraktik.docx

[2010-03-01 09:59:57 | 000,000,162 | -H-- | M] () -- C:\Users\Jonas\Desktop\~$rsonligt brev till vägledd yrkespraktik.docx

[2010-02-28 23:57:33 | 000,053,609 | ---- | M] () -- C:\Users\Jonas\Desktop\pizza.jpg

[2010-02-28 23:33:37 | 000,003,579 | ---- | M] () -- C:\Users\Jonas\Desktop\CV+Jonas+Bornsater+2010-02-28[1].pdf

[2010-02-28 21:37:45 | 000,022,133 | ---- | M] () -- C:\Users\Jonas\Documents\Motivationsbrev till HDK[1].docx

[2010-02-25 16:16:37 | 000,132,936 | ---- | M] () -- C:\Users\Jonas\AppData\Local\GDIPFONTCACHEV1.DAT

[2010-02-25 16:14:09 | 000,447,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010-02-24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010-02-22 20:59:17 | 000,109,443 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\nvModes.dat

[2010-02-22 16:51:14 | 000,041,312 | ---- | M] (ESET) -- C:\Windows\System32\drivers\epfwwfp.sys

[2010-02-22 16:51:04 | 000,032,584 | ---- | M] (ESET) -- C:\Windows\System32\drivers\epfwndis.sys

[2010-02-22 16:50:56 | 000,134,488 | ---- | M] (ESET) -- C:\Windows\System32\drivers\epfw.sys

[2010-02-22 16:50:06 | 000,114,984 | ---- | M] (ESET) -- C:\Windows\System32\drivers\ehdrv.sys

[2010-02-22 16:47:22 | 000,133,512 | ---- | M] (ESET) -- C:\Windows\System32\drivers\eamonm.sys

[2010-02-21 00:06:41 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll

[2010-02-21 00:05:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

[2010-02-17 16:44:35 | 000,000,162 | -H-- | M] () -- C:\Users\Jonas\Desktop\~$ntor-1[1].doc

[2010-02-17 16:38:43 | 000,000,162 | -H-- | M] () -- C:\Users\Jonas\Desktop\~$rknadsföringsteoriTENTAFRÅGOR[1] antons.doc

[2010-02-17 16:38:24 | 000,000,162 | -H-- | M] () -- C:\Users\Jonas\Desktop\~$mmanställning alla tentafrågor.docx

[2010-02-16 16:20:51 | 000,000,162 | -H-- | M] () -- C:\Users\Jonas\Desktop\~$xt till sem 3.docx

[2010-02-16 12:17:18 | 000,000,162 | -H-- | M] () -- C:\Users\Jonas\Desktop\~$Sem 3.docx

[2010-02-12 11:32:56 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe

[2010-01-31 13:15:20 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010-01-29 10:13:44 | 000,022,031 | ---- | M] () -- C:\Users\Jonas\Documents\Rövhora.docx

[2010-01-26 20:20:32 | 000,000,162 | -H-- | M] () -- C:\Users\Jonas\Desktop\~$CV.docx

[2010-01-25 13:00:35 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2010-01-25 13:00:35 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2010-01-25 13:00:35 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[2010-01-25 13:00:22 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2010-01-25 12:58:52 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2010-01-25 09:21:20 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2010-01-25 09:21:20 | 000,346,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2010-01-25 09:21:18 | 000,518,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2010-01-25 09:21:18 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2010-01-23 10:26:13 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010-01-06 19:24:20 | 000,000,162 | -H-- | M] () -- C:\Users\Jonas\Desktop\~$uppsats Sabina n crew.doc

[2010-01-06 19:23:50 | 000,000,162 | -H-- | M] () -- C:\Users\Jonas\Desktop\~$ponering.docx

[2010-01-06 16:39:38 | 001,696,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2010-01-06 16:38:47 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010-01-06 14:30:41 | 004,240,384 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010-01-04 09:01:34 | 000,000,285 | ---- | M] () -- C:\Windows\win.ini

[2010-01-03 14:44:00 | 000,000,165 | -H-- | M] () -- C:\Users\Jonas\Desktop\~$youtube statistik(1).xlsx

[2010-01-03 14:24:38 | 000,000,162 | -H-- | M] () -- C:\Users\Jonas\Desktop\~$ta text.docx

[2010-01-02 07:33:32 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2010-01-02 07:33:32 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010-01-02 07:32:51 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010-01-02 07:32:46 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2010-01-02 07:32:33 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010-01-02 07:32:33 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2010-01-02 07:32:33 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2010-01-02 07:32:32 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010-01-02 07:32:32 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2010-01-02 07:32:26 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010-01-02 05:57:00 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2010-01-02 05:56:50 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2010-01-02 05:56:14 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2010-01-02 05:55:54 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[30 C:\Users\Jonas\Desktop\*.tmp files -> C:\Users\Jonas\Desktop\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010-03-17 23:14:44 | 000,022,789 | ---- | C] () -- C:\Users\Jonas\Desktop\text - norrgavel&GAD[1] med kommentarer.docx

[2010-03-17 18:49:36 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010-03-17 16:13:42 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys

[2010-03-17 14:59:17 | 000,843,187 | ---- | C] () -- C:\Users\Jonas\Desktop\SecurityCheck.exe

[2010-03-17 14:08:01 | 000,525,824 | ---- | C] () -- C:\Users\Jonas\Desktop\dds.scr

[2010-03-14 15:54:49 | 000,000,162 | -H-- | C] () -- C:\Users\Jonas\Desktop\~$psats_bild_farg_.dot

[2010-03-14 02:05:14 | 000,119,136 | ---- | C] () -- C:\Users\Jonas\Desktop\bild-3_78402736.png

[2010-03-13 19:39:04 | 000,000,162 | -H-- | C] () -- C:\Users\Jonas\Desktop\~$m frågor till mig.docx

[2010-03-11 10:21:34 | 000,713,147 | ---- | C] () -- C:\Users\Jonas\Desktop\Träningstabletter beställda kvitto.docx

[2010-03-09 22:21:59 | 000,014,580 | ---- | C] () -- C:\Users\Jonas\Desktop\Fem frågor till mig.docx

[2010-03-09 18:24:54 | 000,022,317 | ---- | C] () -- C:\Users\Jonas\Desktop\V%C3%A4gledd%20yrkespraktik-Intyg%20om%20praktikterminen%20f%C3%B6r%20ev%20praktikplatser.pdf

[2010-03-08 19:29:00 | 000,000,162 | -H-- | C] () -- C:\Users\Jonas\Desktop\~$m 2 Metod.docx

[2010-03-08 06:28:15 | 000,000,165 | -H-- | C] () -- C:\Users\Jonas\Desktop\~$Power Point Möbelbranschen.pptx

[2010-03-01 22:18:21 | 000,010,275 | ---- | C] () -- C:\Users\Jonas\Desktop\Potentiella praktikplatser.docx

[2010-03-01 09:59:57 | 000,000,162 | -H-- | C] () -- C:\Users\Jonas\Desktop\~$rsonligt brev till vägledd yrkespraktik.docx

[2010-03-01 00:07:23 | 000,053,609 | ---- | C] () -- C:\Users\Jonas\Desktop\pizza.jpg

[2010-02-28 23:33:37 | 000,003,579 | ---- | C] () -- C:\Users\Jonas\Desktop\CV+Jonas+Bornsater+2010-02-28[1].pdf

[2010-02-28 22:30:54 | 000,019,764 | ---- | C] () -- C:\Users\Jonas\Desktop\Personligt brev till vägledd yrkespraktik.docx

[2010-02-28 21:37:42 | 000,022,133 | ---- | C] () -- C:\Users\Jonas\Documents\Motivationsbrev till HDK[1].docx

[2010-02-17 16:44:35 | 000,000,162 | -H-- | C] () -- C:\Users\Jonas\Desktop\~$ntor-1[1].doc

[2010-02-17 16:38:43 | 000,000,162 | -H-- | C] () -- C:\Users\Jonas\Desktop\~$rknadsföringsteoriTENTAFRÅGOR[1] antons.doc

[2010-02-17 16:38:24 | 000,000,162 | -H-- | C] () -- C:\Users\Jonas\Desktop\~$mmanställning alla tentafrågor.docx

[2010-02-16 16:20:51 | 000,000,162 | -H-- | C] () -- C:\Users\Jonas\Desktop\~$xt till sem 3.docx

[2010-02-16 12:17:18 | 000,000,162 | -H-- | C] () -- C:\Users\Jonas\Desktop\~$Sem 3.docx

[2010-01-31 13:15:18 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010-01-29 10:13:42 | 000,022,031 | ---- | C] () -- C:\Users\Jonas\Documents\Rövhora.docx

[2010-01-26 20:20:32 | 000,000,162 | -H-- | C] () -- C:\Users\Jonas\Desktop\~$CV.docx

[2010-01-06 19:24:20 | 000,000,162 | -H-- | C] () -- C:\Users\Jonas\Desktop\~$uppsats Sabina n crew.doc

[2010-01-06 19:23:50 | 000,000,162 | -H-- | C] () -- C:\Users\Jonas\Desktop\~$ponering.docx

[2010-01-03 14:44:00 | 000,000,165 | -H-- | C] () -- C:\Users\Jonas\Desktop\~$youtube statistik(1).xlsx

[2010-01-03 14:24:38 | 000,000,162 | -H-- | C] () -- C:\Users\Jonas\Desktop\~$ta text.docx

[2009-09-17 11:13:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009-08-03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009-03-01 16:08:07 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll

[2008-11-07 20:08:41 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini

[2008-10-25 14:34:21 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Video to DVD.INI

[2008-08-11 18:42:06 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfmonnt.dll

[2008-08-11 18:42:04 | 000,000,164 | ---- | C] () -- C:\Windows\System32\psconv.ini

[2008-06-14 10:35:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll

[2008-06-14 10:35:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll

[2008-06-14 10:35:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\clauth2.dll

[2008-06-14 10:35:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\clauth1.dll

[2008-04-05 10:21:43 | 000,000,151 | ---- | C] () -- C:\Windows\bokw.ini

[2008-04-05 10:21:28 | 000,000,146 | ---- | C] () -- C:\Windows\kundkort.ini

[2008-03-31 20:09:39 | 000,217,088 | ---- | C] () -- C:\Windows\System32\myk7ql.dll

[2008-03-31 20:09:39 | 000,139,264 | ---- | C] () -- C:\Windows\System32\vsppg7.dll

[2008-03-31 20:09:36 | 000,054,272 | ---- | C] () -- C:\Windows\System32\P2irdao.dll

[2008-03-31 20:09:36 | 000,050,176 | ---- | C] () -- C:\Windows\System32\P2ctdao.dll

[2008-03-31 20:09:34 | 000,748,160 | ---- | C] () -- C:\Windows\System32\CO2C40EN.DLL

[2008-03-27 13:14:49 | 000,109,443 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\nvModes.001

[2008-02-14 22:36:31 | 000,000,178 | ---- | C] () -- C:\Windows\iSC.INI

[2008-02-14 03:20:31 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2008-01-14 14:59:16 | 000,715,248 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2008-01-14 11:36:06 | 000,000,374 | ---- | C] () -- C:\Windows\ODBC.INI

[2008-01-11 15:58:50 | 000,000,680 | ---- | C] () -- C:\Users\Jonas\AppData\Local\d3d9caps.dat

[2008-01-10 19:17:39 | 000,024,206 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\UserTile.png

[2008-01-10 17:08:36 | 000,109,443 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\nvModes.dat

[2008-01-10 16:30:47 | 000,024,064 | ---- | C] () -- C:\Users\Jonas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-01-10 16:24:34 | 000,000,093 | ---- | C] () -- C:\Users\Jonas\AppData\Local\fusioncache.dat

[2007-03-29 21:00:40 | 000,203,264 | ---- | C] () -- C:\Windows\System32\CddbCdda.dll

[2007-03-27 03:56:54 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2007-02-13 08:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006-11-02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006-11-02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2004-12-19 14:29:40 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2004-12-19 14:17:10 | 000,745,472 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2002-10-06 19:42:56 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll

[2002-10-05 00:04:24 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll

[2002-10-05 00:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll

[2002-10-05 00:04:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll

[2002-05-16 00:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll

 

========== LOP Check ==========

 

[2008-01-13 19:03:43 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\.ABC

[2009-02-17 16:28:14 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\aAvgApi

[2009-04-26 10:58:39 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Agency9

[2010-03-17 00:13:14 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Azureus

[2009-02-22 13:00:14 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\DAEMON Tools

[2008-01-14 15:06:54 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\DAEMON Tools Pro

[2010-03-11 18:00:02 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\ESET

[2009-11-21 12:33:53 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Gizmo

[2008-10-09 15:39:44 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Glocalnet

[2008-01-13 20:09:35 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Grisoft

[2008-12-25 17:06:18 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\ImgBurn

[2008-01-10 20:00:38 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Netscape

[2009-04-01 15:58:52 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Nokia

[2008-02-01 14:50:09 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Packard Bell

[2008-05-18 21:05:53 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\PC Suite

[2008-01-10 19:17:38 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\PeerNetworking

[2009-10-17 11:46:36 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Personal

[2010-03-13 19:08:21 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Spotify

[2009-10-17 11:44:40 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\TiFiC

[2009-12-13 18:06:52 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Uniblue

[2008-01-17 23:29:59 | 000,000,274 | ---- | M] () -- C:\Windows\Tasks\PBReg.job

[2008-02-24 19:00:00 | 000,000,274 | ---- | M] () -- C:\Windows\Tasks\PBRegbk.job

[2010-03-18 11:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\Recovery DVD Creator.job

[2010-03-18 00:13:45 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010-03-18 11:20:28 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DDF32D9C-B5D1-4B1B-A079-9136B65F6C8B}.job

[2010-03-18 11:00:01 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\Utökad garanti.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2009-03-31 20:19:14 | 000,000,024 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009-04-11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2006-03-11 19:19:31 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2006-09-18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2010-03-18 09:55:02 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys

[2006-11-29 22:38:58 | 000,000,512 | ---- | M] () -- C:\MSP.iss

[2010-03-18 09:55:00 | 2451,251,200 | -HS- | M] () -- C:\pagefile.sys

[2008-02-05 00:08:21 | 000,002,559 | ---- | M] () -- C:\rollback.ini

[2008-12-13 11:34:27 | 000,002,394 | ---- | M] () -- C:\sample.txt

[2008-12-13 11:34:27 | 000,002,554 | ---- | M] () -- C:\sample1.txt

[2008-02-02 12:33:16 | 000,000,512 | ---- | M] () -- C:\ScanSectorLog.dat

[2006-03-11 11:13:56 | 000,000,086 | ---- | M] () -- C:\setup.log

[2008-10-27 18:16:23 | 000,007,888 | ---- | M] () -- C:\StarBurn.log

 

 

< MD5 for: AGP440.SYS >

[2008-01-18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008-01-18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008-01-18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008-01-18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006-11-02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys

[2006-11-02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2009-04-11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009-04-11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009-04-11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008-01-18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008-01-18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006-11-02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2008-02-14 03:16:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys

[2008-02-14 03:16:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys

[2008-02-14 03:16:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

 

< MD5 for: CNGAUDIT.DLL >

[2006-11-02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006-11-02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 

< MD5 for: IASTOR.SYS >

[2007-03-21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys

[2007-03-21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys

[2007-03-21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys

[2007-03-21 12:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

 

< MD5 for: IASTORV.SYS >

[2008-01-18 22:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008-01-18 22:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006-11-02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys

[2006-11-02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 

< MD5 for: NETLOGON.DLL >

[2006-11-02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

[2009-04-11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009-04-11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008-01-18 22:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2006-11-02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys

[2006-11-02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008-01-18 22:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008-01-18 22:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 

< MD5 for: SCECLI.DLL >

[2008-01-18 22:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2006-11-02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

[2009-04-11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009-04-11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\System32\config\*.sav >

[2006-11-02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006-11-02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006-11-02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006-11-02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006-11-02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 

< %systemroot%\system32\*.dll /lockedfiles >

[2009-03-08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll

[2009-03-08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

[2009-04-11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll

[2009-04-11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 76 bytes -> C:\Users\Jonas\Documents\Updater5:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jonas\Documents\Notes:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jonas\Documents\My Virtual Machines:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jonas\Documents\My Stationery:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jonas\Documents\Mina mottagna filer:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jonas\Documents\Mina Google Gadgets:Roxio EMC Stream

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Link to comment
Share on other sites

Vistas och Windows 7s kontroll av användarkonto (UAC) är mycket bra på stoppa skadliga program från att installeras, se t ex:

http://www.idg.se/2.1085/1.164287

http://www.idg.se/2.1085/1.166702

Den är även nyttig på andra sätt se

http://www.idg.se/2.1085/1.269010/nyttan-med-uac-i-windows

Kontrollera att den är påslagen:

Kontrollpanelen - Säkerhetscenter - Andra säkerhetsinställningar

 

Vad finns i mappen C:\Users\Jonas\Documents\e4w68hzh? Det är ett udda namn på en mapp.

 

[2010-01-21 19:40:36 | 000,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware

21 januari ser du ut att ha installerat MBAM. Var det innan eller efter att datorn blev seg? Hittade MBAM något?

 

Du har väldigt mycket Office-dokument liggande på skrivbordet samt en massa dolda arbetsfiler från Office. Jag föreslår att du flyttar dem till Mina dokument eller någon annan mapp. Kontrollera med Datorn/Utforskaren med visning av dolda filer påslagen att du verkligen har fått med alla dolda filer.

 

Vad finns i mappen C:\ProgramData\TEMP?

 

På sidan http://www.virustotal.com trycker du på Bläddra-knappen och klistrar in ett av följande filnamn i rutan, tryck på Skicka Fil och vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in resultatet från de olika antivirusprogrammen (inte Övrig information) eller en länk till resultatet här. Upprepa med nästa filnamn.

C:\Windows\System32\myk7ql.dll

C:\Windows\System32\vsppg7.dll

C:\Windows\System32\P2irdao.dll

C:\Windows\System32\P2ctdao.dll

C:\Windows\System32\CO2C40EN.DLL

C:\Windows\System32\CddbCdda.dll

C:\Program\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

Link to comment
Share on other sites

Jag kollade och UAC:n var påslagen.

 

e4w68hzh är ett udda namn men det är jag som har döpt mappen till.

 

Det kan ha varit i samma veva som jag testade MBAM som det började trassla. Tror inte att jag hittade nått med det.

 

Nu är det mesta flyttat från skrivbordet till dokument.

 

Jag hittade faktiskt inte mappen C:\ProgramData\TEMP fören jag valde att visa dolda filer. Men den mappen är tom.

 

Jag testade med alla filnamn, men det var bara de här två som gick testa. När jag försökte med resterande stod det att "filen har redan blivid analyserad".

 

C:\Windows\System32\myk7ql.dll

 

http://www.virustotal.com/sv/analisis/b322651993562b893ec1619af10cd8d31fd4f76329742d6808e95a307927d0c3-1269028110

 

C:\Windows\System32\P2ctdao.dll

 

http://www.virustotal.com/sv/analisis/26e678a87d5de5e5fb99d7cb1ac8919d8ab448fca74b72174b79d5933d5c6fb5-1269032616

 

 

Link to comment
Share on other sites

Jag hittade faktiskt inte mappen C:\ProgramData\TEMP fören jag valde att visa dolda filer. Men den mappen är tom.
Ta bort den då för det är inte en mapp som brukar finnas.

 

När du laddar upp en fil på virustotal och det kommer upp att den redan har blivit analyserad så finns det en knapp att trycka på som är för att få upp resultatet/rapporten från förra gången. Tryck på den knappen och klistra in länken till sidan som kommer upp.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...